Jump to content

Search the Community

Showing results for tags 'password'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Product Groups

  • Form Builder
  • ProFields
  • ProCache
  • ProMailer
  • Login Register Pro
  • ProDrafts
  • ListerPro
  • ProDevTools
  • Likes
  • Custom Development

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







  1. Hi All, Im working on streamlining my email sending setup for SMTP. I have a page where the user of the website can input the SMTP host, port, connection type email and password etc but the password field has an additional box underneath it for 'Confirming' it as if it were a new password. The placeholder text also says 'New Password' but I want to be able to change that. I just need an input field where they can enter their SMTP password without it being plain text. Thanks for your help!
  2. I have a client who is reporting that in the last couple of days they can no longer login to their site with their normal browser (Chrome). Using another browser or an incognito window works. I've tried logging into the site using the same login details in my usual browser (Firefox) and have had no problems. The site is a membership site and today other members are reporting the same problem. The site is running 3.0.148 and has the session handler DB and login throttle modules installed. It was recently upgraded to 3.x from 2.x. But no changes have been made to the site between the time when they were able to login OK and when the problem started happening.
  3. Password Generator Adds a password generator to InputfieldPassword. Usage Install the Password Generator module. Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field. *Settings not supported by the generator: Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur. https://modules.processwire.com/modules/password-generator/ https://github.com/Toutouwai/PasswordGenerator
  4. Hi there, I'm developing locally on my laptop and we have a testing server where I deploy via rsynch + running a DB Dump script. (Exported via MySQLWorkbench) I've noticed that the admin password becomes invalid every time a DB Dump script is run on the server. Is this possibly because there's a hash and/or salt stored alongside the password and my local one is not valid on the server? Are there better practices of synching between my local Processwire and the server instance to prevent the admin password being invalidated?
  5. We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption. How can I be sure that user has active account when they use the App?
  6. Hello, can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted? I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0? If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily? I know this might be an unusual question, but I would appreciate any feedback. Regards, Andreas
  7. I have a simple front-end password update form like this: In the browser the label of the second field shows up as follows: WTH?! I can't figure out what is changing the label, what is inserting /processwire/ and reformatting the thing. Is this something in PW? A "helpful" thing that browsers do? Edit: The problem disappears if I simply rename the second field to 'Confirm Password'. So my problem is solved, but I'll leave this here in case this is some kind of bug.
  8. Hey guys... Ok so I have a problem with a registration form password inputfield... The problem is that InputfieldPassword.js and InputfieldPassword.css are not loaded/fired. Or I dont even know exactly what is happening... Im pretty new to processwire and the website was not created by me so Im trying to figure out what has been done and how processwire works. Anyway this is how the form looks right now: ...and as you can see the styling is off (password validation check in particular)... this is what I see when page is loaded (without adding any input)... it looks like js and css files from wire/modules/Inputfield/InputfieldPassword are not firing... I dont know how it is supposed to work exactly so I dont even know where to start. Maybe someone has had similar problem and know an easy fix or can navigate me to what could cause this situation in PW. Oh by the way this problem occured when upgrading the PW version (current version 3.0.65)... everything else is ok... this is the only problem that has been found after upgrade... Appreciate all the help! Cheers!
  9. Yesterday we somehow lost access to all current admin, superuser/passwords to processwire. We tried using the reset password form and nothing was sent. We began noticing some of the menu buttons went missing as well as some photos. Any suggestions how to resolve the login issue?
  10. How do you get the same 'set password' form/input fields on the front-end as in the admin area? I have a working front-end version, but the admin version has some nifty stuff around it. Should be easy to get the same on the front-end, right?
  11. I'm going to build a form for front-end user password changing. There should be three input fields current password new password confirm new password I knew that, password stored in database is hashed. How could I compare the input current password with the password stored in database ?
  12. Hey all. I just came across a potential error in the FieldtypePassword. I have a password field added to some templates to protect the pages. However, whenever I want to save a page, I get the error of "required fiield missing"...that the password field is required and missing. But, the field is not set to required. Can anybody confirm that and/or has a solution? Best, Lukas
  13. Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks
  14. Hello, I see that the backend of processwire is simple. I like that but... I've forgotton my email for my backend project I'm creating locally with MAMP. Simple but... where is the button such as, "forgot password". I suppose I missing something obviuos but I cannot find it in the display neither in google or in these forums. So, How do you reset/retieve your password from you backend of processwire? Greetings, Dani
  15. If anyone can help with this that would be great. The password reset link is localhost? but i'm viewing the site from it's live url. Thanks, Jason
  16. Hello, I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password: Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW What I have protected $templates = ["user", "server"]; public function init() { $this->pages->addHookAfter('saveReady', $this, 'hookSaveReady'); } public function hookSaveReady(HookEvent $event) { $page = $event->arguments[0]; if($page->isNew) return; if(!in_array($page->template, $this->templates)) return; if($page instanceof User) $this->collectUserData($page); } public function collectUserData($page) { foreach ($page->fields as $field) { /*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field); } } I guess I am hooking too late in the process but have no idea where to place the hook instead. EDIT: same with addHookBefore
  17. Hi Forum, I need to secure some downloads with a simple login form. As login tasks are new to me I try to adapt the code from this forum post for my purposes. This is where I am so far: A page with input field type "password" (name "password"). This code: <?php password protected areaif ($page->password) { $pass = $page->password; if ($input->post->pass != $pass) { echo "$page->body" . file_get_contents("./_login-form.inc"); // not logged in? get input form } else { foreach ($page->downloads as $file) { echo "<h2>Sie sind eingeloggt</h2>"; echo "<ul>" . "<li class='plain'><i class='fa fa-download'></i><a href='$file->url';?> $file->description</a></li>" . "</ul>"; } // foreach } // $input->post} //$page->password?> And for _login-form.inc <form method="post" action="./" accept-charset="UTF-8"> <input type="password" id="pass" name="pass" placeholder="" /> <button type="submit" name="submit" class="btn btn-success btn-block">Login</button></form> Unfortunately the conditional always returns false even if the correct password has been entered into the form. This is the first time I'm using fieldtype password, thus I don't know how to check for the correct password entered (I understand the value is stored encrypted but that's all I know). Any help is much appreciated. Thanks!
  18. I didn't have time to look into the code, so I have to ask here: is there a limit for the password length? I'm using LastPass and wherever it's possible I use ridiculously long passwords. And so I did in PW for an admin password. After a logout I couldn't log in again. I managed to do that only after setting the pass to something shorter than 50-chars. I see no reason why the passwords could have been limited (as they're hashed anyway), so that totally might be something on my end (or LastPass). But, just in case, I thought it's worth mentioning here as a potential issue.
  19. I have a client who is a record label and they need to have some pages for promoting albums, where there can be a password they give to a reviewer, so the reviewer can go to the URL, type in the password, and be able to view the content (which will be streaming audio and downloads of the album in question). i have found some simple ways online to do this with PHp, but i'm wondering if there is a better/simple way to interact with PW session to achieve this. The client doesn't want to have to add roles/users or deal with permissions...they just want to have an input field where they can put in the password for that album... TIA, Marc
  20. Hi, On a 2.5 install I try to add a second super user. After adding and saving it with password assigned, It gets displayed with a strike through in the user list. When I then edit and save it again, I get this error: Missing required value Required password was not specified. But the password was entered already when I added the user. This is happening only on a clone of an install on my dev server. When I add the same user on my local environment, everything is working as expected. The install on the dev server is the same where I get the persistent httpHost error described in my other thread. Also the httpHost error message gets displayed twice, above the user list and on the very top: I have other PW installs on that server which are all running smoothly. Any pointers to a solution would be great. Thank you.
  21. Hi everyone, i want to create a user on the fly with sso, i recieve the password already hashed and want to save the user without having the password hashed by processwire afterwards. so far i could leave it rehashed in the database as long as the customer does not want to allow the users to use the direct loginmask. but if that changes, i would be in trouble. so is there a processwire way to do this or do i have to put the user in manually. i know we will have someone intelligent helping me out here
  22. Hello, I'm learning about password management/security in order to synchronize logins between PW users and Foxycart. In Foxycart I need to choose the password hash type I'm using. In my installation of PW wire->config.php shows: $config->userAuthHashType = 'sha1'; But in the post https://processwire.com/talk/topic/2954-password-hashing/ Ryan says: I'm using 2.4.4 version. As the server which PW shows blowfish is available I understand PW is using it. Foxycart doesn´t list this hash algorithm available. So, where should I change the hash method in wire->config? but it is overriden if blowfish is available in the server anyway? I'm a bit lost here , any direction / help would be appreciated.
  23. Following on from my register template yesterday, I have modified it slightly to act as an "edit profile" template. It mostly works but I'm having problems with when the password gets updated. I originally thought this may be as when I'm giving the user a new pass and saving, they would no longer be logged-in as their password would be incorrect. Is that so? Here is a gist so as to not clutter up the thread! (You see I do listen, Soma ) https://gist.github.com/anonymous/0ecf562bb0f3fe923614
  24. Is the password field compatible with the "required" option? I only ask because if I make it a required option when editing a page if I haven't changed the password, it throws a required error. Obviously I'd like for the user to be able to leave it blank and leave the password how it is. The problem is if I don't make it required then I may end up without a password at all. Is this something I should look to triggering via a module? Thanks.
  25. I'm having problems with password inputs within module config: First of all, it seems that simply inserting a Password inputfield and storing it's data isn't enough; everything seems to work fine, but password gets stored as plain text, which is obviously not a good idea. I could of course apply some custom logic here, but IMHO that shouldn't really be necessary (and it would most likely just create new security problems in the long run); am I missing something or is this a real problem? Another thing is that within module config password input get saved each time module settings are saved, which doesn't seem like correct behavior; shouldn't these only get saved when value has changed? Current behavior forces user to re-insert her password each time module config is saved (this actually applies to other inputs also, though this is probably the only situation where it causes problems.) I thought this latter problem could be avoided by setting password input value, but that doesn't seem to work either.. value is cleared at some later point, before input is rendered. So, what am I doing wrong here and any ideas how to fix it?
  • Create New...